Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious JavaScript payload executed due to missing output sanitisation. Proper escaping has been added to the userlog details output.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://hackerone.com/reports/3669623 |
|
History
Wed, 24 Jun 2026 11:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored XSS via User Full Name Field in System-Generated Email Logs |
Wed, 24 Jun 2026 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored XSS via User Full Name Field in System-Generated Email Logs |
Wed, 24 Jun 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored XSS through user full name in Revive:Adserver |
Wed, 24 Jun 2026 01:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored XSS through user full name in Revive:Adserver |
Tue, 23 Jun 2026 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored XSS via User Full Name in Admin Email Logs |
Tue, 23 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Revive
Revive adserver |
|
| Vendors & Products |
Revive
Revive adserver |
Tue, 23 Jun 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Stored XSS via User Full Name in Admin Email Logs |
Tue, 23 Jun 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 23 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious JavaScript payload executed due to missing output sanitisation. Proper escaping has been added to the userlog details output. | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_0
|
Status: PUBLISHED
Assigner: hackerone
Published: 2026-06-23T16:14:38.240Z
Updated: 2026-06-23T17:25:34.164Z
Reserved: 2026-05-08T15:00:02.446Z
Link: CVE-2026-44956
Updated: 2026-06-23T17:25:22.378Z
No data.
No data.